What is claimed is: 

1 LA method comprising: 

2 providing a user-defined data type; 

3 providing security information for the user-defined data type; 

4 storing data instances according to the user-defined data type; and 

5 associating the security information with the data instances. 

1 2. The method of claim 1 , wherein associating the security information 

2 comprises associating the security information with each individual data instance. 

1 3. The method of claim 1, wherein associating the security information 

2 comprises associating an access list containing a list of identifiers of authorized entities. 

1 4. The method of claim 1 , further comprising: 

2 providing one or more functions to perform predetermined one or more 

3 tasks for the user-defined data type; and 

4 invoking the one or more functions to process data instances according to 

5 the user-defined data type. 

1 5. An article comprising at least one storage medium containing instructions 

2 executable in a database system, the instructions when executed causing the database 

3 system to: 

4 provide a first data type defining security information relating to access 

5 rights; 

6 store an instance of data according to the first data type in the database 

7 system; and 

8 associate the security information with the instance of data. 

1 6. The article of claim 5, wherein the instructions when executed cause the 

2 database system to further: 

3 receive a request to access the instance of data; and 
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4 grant access to the instance of data based on the security information. 

1 7. The article of claim 5, wherein the instructions when executed cause the 

2 database system to provide the first data type by providing a user-defined data type. 

1 8. The article of claim 7, wherein the instructions when executed cause the 

2 database system to provide the user-defined data type by providing the user-defined data 

3 type in an object relational database system. 

1 9. The article of claim 5, wherein the instructions when executed cause the 

2 database system to store the instance of data by storing the instance of data in an object 

3 relational database system. 

1 1 0. The article of claim 5, wherein the instructions when executed cause the 

2 database system to further associate one or more functions with the instance of data, the 

3 one or more functions to provide one or more predefined tasks. 

1 11. The article of claim 1 0, wherein the instructions when executed cause the 

2 database system to further invoke at least one of the functions to add an identifier of an 

3 authorized entity to the security information, the authorized entity being authorized to 

4 access the instance of data. 

1 12. The article of claim 1 1 , wherein the authorized entity comprises an 

2 authorized user. 

1 13. The article of claim 1 1 , wherein the security information comprises a list 

2 of i dentifiers of authorized entities . 

1 14. The article of claim 1 1 , wherein the instructions when executed cause the 

2 database system to further invoke another one of the security functions to remove an 

3 identifier from the security information. 
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1 15. The article of claim 5, wherein the instructions when executed cause the 

2 database system to provide the first data type by providing the first data type defining one 

3 or more security functions to perform one or more predefined tasks. 

1 16. The article of claim 15, wherein the instructions when executed cause the 

2 database system to further provide a second data type built upon the first data type, the 

3 second data type inheriting the security information and one or more security functions of 

4 the first data type, wherein the second data type further defines one or more additional 

5 security functions. 

1 17. A database system, comprising: 

2 one or more storage modules to store instances of data, each instance of 

3 data being according to a first secure data type associated with security information; and 

4 a controller adapted to determine whether or not to grant access to one of 

5 the instances of data in response to a query based on whether the associated security 

6 information indicates that a source of the query has permission to access the one instance 

7 of data. 

1 18. The database system of claim 17, comprising an object relational database 

2 management system. 

1 19. The database system of claim 17, wherein the first secure data type 

2 comprises a user-defined data type. 

1 20. The database system of claim 17, the one or more storage modules to 

2 further store instances of data according to a second secure data type. 

1 21 . The database system of claim 20, wherein the second secure data type is 

2 inherited from the first secure data type. 
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1 22. The database system of claim 17, wherein each instance of data is further 

2 associated with one or more methods defined by the first secure data type, and wherein 

3 the controller is adapted to invoke the one or more methods to process instances of data 

4 according to the first secured data type. 

1 23. A database system comprising: 

2 one or more storage modules to store data instances according to a secure 

3 user-defined data type, the secure user-defined data type defining security information 

4 and one or more security functions; and 

5 a controller adapted to receive a Structured Query Language query 

6 originated by a source for one of the data instances, the controller adapted to determine if 

7 the source is authorized to access the one data instance based on the security information, 

8 the controller adapted to further invoke the one or more security functions 

9 to process the one data instance. 
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